steffen/cryodev
1
0
Fork 0
Code Issues Pull requests Projects Releases 2 Packages Wiki Activity Actions

split forgejo-runner into own service file for staged deployment

Browse source 
- Extract forgejo-runner config from forgejo.nix into forgejo-runner.nix
- Move forgejo-runner to stage 2 (requires running Forgejo for token)
- Remove all stage-2 secrets from sops.nix (each service file owns its secrets)
- Update first-install docs with corrected staged deployment flow
- Fixes deployment failure caused by runner crashing with placeholder token
This commit is contained in:
steffen 2026-03-14 12:22:33 +01:00
parent da37a2dce3
commit 4c560abffd
6 changed files with 36 additions and 41 deletions
Download patch file Download diff file Expand all files Collapse all files

26
docs/getting-started/first-install.md
View file

@ -243,30 +243,13 @@ Services **ohne externe Abhaengigkeiten** aktivieren:
./sops.nix
# Stufe 2: Erst nach Schritt 4 aktivieren
# ./headplane.nix # braucht: headplane/agent_pre_authkey (Headscale)
# ./tailscale.nix # braucht: tailscale/auth-key (Headscale)
# ./forgejo-runner.nix # braucht: forgejo-runner/token (Forgejo)
# ./headplane.nix # braucht: headplane/agent_pre_authkey (Headscale)
# ./tailscale.nix # braucht: tailscale/auth-key (Headscale)
];
}
```
Ebenso in `hosts/<hostname>/services/sops.nix` die Secrets-Definitionen wieder
einkommentieren, **aber nur die fuer Stufe-1-Services**:
```nix
sops = {
defaultSopsFile = ../secrets.yaml;
secrets = {
# "forgejo-runner/token" = { }; # Stufe 2
"tailscale/auth-key" = { };
};
};
```
> **Hinweis:** `tailscale/auth-key` muss in `sops.nix` definiert bleiben, da das
> Tailscale-Modul es referenziert. Es wird aber erst in Schritt 4 mit einem
> echten Wert befuellt. Solange Tailscale nicht importiert ist, hat das keinen
> Effekt.
### 3.5 Deployen (Stufe 1)
```bash
@ -329,6 +312,7 @@ Nachdem der Server mit Headscale und Forgejo laeuft:
{
imports = [
./forgejo.nix
./forgejo-runner.nix
./headplane.nix
./headscale.nix
./mailserver.nix
@ -341,8 +325,6 @@ Nachdem der Server mit Headscale und Forgejo laeuft:
}
```
Und in `sops.nix` auch `forgejo-runner/token` einkommentieren.
6. **Erneut deployen**:
```bash